Error
Error Code: 3895

MySQL Error 3895: Empty New Password Retention Attempt

📦 MySQL
📋

Description

This error indicates an attempt to modify a user's password where the designated new password is an empty string. MySQL's security policy prevents setting an empty password, especially when explicitly trying to retain the current password in certain update operations, leading to this failure.
💬

Error Message

Current password can not be retained for user '%s'@'%s' because new password is empty.
🔍

Known Causes

3 known causes
⚠️
Accidental Empty Password Input
A user or application mistakenly provided an empty string when prompted for a new password during an ALTER USER or SET PASSWORD operation.
⚠️
Application Logic Error
An automated script or application incorrectly generates or passes an empty password string to MySQL during a password update attempt.
⚠️
Conflicting Password Retention Logic
This error specifically highlights the conflict when attempting to use the 'RETAIN CURRENT PASSWORD' clause while simultaneously specifying an empty new password, which is disallowed.
🛠️

Solutions

3 solutions available

1. Provide a Valid New Password easy

Ensure a non-empty password is provided during the change operation.

1
When attempting to change a user's password, always specify a non-empty string for the new password. This error occurs when the new password field is intentionally left blank.
ALTER USER 'username'@'host' IDENTIFIED BY 'a_strong_new_password';
2
If you are using a script or application to manage users, review the code to ensure that an empty string is not being passed as the new password.
// Example in JavaScript (Node.js with a MySQL driver)
const newUserPassword = 'a_secure_password'; // Ensure this is never an empty string
// ... execute SQL query with newUserPassword

2. Re-execute Password Change with a Value easy

Correct the previous failed attempt by providing a proper password.

1
If you previously encountered this error by attempting to set an empty password, simply re-execute the `ALTER USER` statement with a valid, non-empty password.
ALTER USER 'your_user'@'your_host' IDENTIFIED BY 'your_new_secure_password';

3. Verify User Authentication Plugin medium

Ensure the authentication plugin supports empty passwords (which is generally not recommended).

1
While not a direct fix for the 'empty new password' error, understanding the authentication plugin is crucial. Some older or custom plugins might have different behaviors. However, for standard MySQL, an empty password is not allowed for retention.
SELECT user, host, plugin FROM mysql.user WHERE user = 'username' AND host = 'host';
2
If you are using a non-standard plugin and *intend* to allow empty passwords (highly discouraged for security reasons), you would need to reconfigure that specific plugin's behavior. For most common scenarios, stick to providing a valid password.
text: Consult the documentation for your specific authentication plugin if it's not a standard MySQL plugin.
🔗

Related Errors

5 related errors
3878 Error
MySQL Error 3878: Empty Second Password Not Allowed This error indicates an attempt to assign an empty string as the 'second passwor...
3892 Error
MySQL Error 3892: Missing Current Password This error indicates that an attempt was made to change a MySQL user's password ...
3894 Error
MySQL Error 3894: Password Retention on Plugin Change This error indicates that MySQL cannot retain a user's current password when the...
3876 Error
MySQL Error 3876: Granting Roles to Anonymous User This error occurs when you attempt to assign database roles to a user account th...
3891 Error
MySQL Error 3891: Invalid Current Password Specified Error 3891 indicates that the current password provided during a password change...